RE: IPsec Tunnel problem seek confirm from author or anyone knows

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7C8FC.40210A83
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Darren,

Sorry to bother again. But my colleagues keep asking if you can
take this fix into pfil module. Or you think
We'd better use it in our side? Attached is patch file to pfil2.1.7.

Regards,
Lan Zang(Sander)

-----Original Message-----
From: owner-ipfilter@coombs.anu.edu.au
[mailto:owner-ipfilter@coombs.anu.edu.au] On Behalf Of Zang, Lan
(Sander)
Sent: Tuesday, June 26, 2007 17:33 PM
To: Darren Reed
Cc: darrenr@reed.wattle.id.au; ipfilter@coombs.anu.edu.au
Subject: RE: IPsec Tunnel problem seek confirm from author or anyone
knows

Darren,

Do you agree that I just add the single condition before clear
qif->qf_hl in qif_attach()? That is just
if (qif->qf_hl =3D=3D 0)
???

Regards,
Sander

-----Original Message-----
From: owner-ipfilter@coombs.anu.edu.au
[mailto:owner-ipfilter@coombs.anu.edu.au] On Behalf Of Zang, Lan
(Sander)
Sent: Thursday, June 21, 2007 9:14 AM
To: Darren Reed
Cc: darrenr@reed.wattle.id.au; ipfilter@coombs.anu.edu.au
Subject: RE: IPsec Tunnel problem seek confirm from author or anyone
knows

Darren,

There are two reasons for which I do not agree.
1) The ill_hdr_length member of struct ill_t is defined only
when SOLARIS2 < 8. You can't use ill->ill_hdr_length in
Solaris8 or above.
2) If I'd use this condition the whole code would be(suppose it
is in solaris7 or below). I think the second condition Is not needed. I
mean if ill->ill_hdr_length IS 0, qif->qf_hl will not be modified
anyway(it is 0 already).
if (qif->qf_hl =3D=3D 0 && ill->ill_hdr_length !=3D 0) {
qif->qf_hl =3D ill->ill_hdr_length;
}

So, here my question is do you mean '||' instead of '&&' like
the following line?
if (qif->qf_hl =3D=3D 0 || ill->ill_hdr_length !=3D 0)

If so, the codes shall be
#if SOLARIS2 < 8
If (qif->qf_hl =3D=3D 0 || ill->ill_hdr_length !=3D 0){
qif->qf_hl =3D ill->ill_hdr_length;
}
#else
if ((qif->qf_hl =3D=3D 0) || ((ill->ill_type > 0) && (ill->ill_type
< 0x37) &&
(hdrsizes[ill->ill_type][0] =3D=3D ill->ill_type) &&
(hdrsizes[ill->ill_type][1] !=3D 0)))
qif->qf_hl =3D hdrsizes[ill->ill_type][1];

if (qif->qf_hl =3D=3D 0 && ill->ill_type !=3D IFT_OTHER) {
cmn_err(CE_WARN,
"!Unknown layer 2 header size for %s type %d sap
%x\n",
qif->qf_name, ill->ill_type, ill->ill_sap);
}
#endif

These codes also works. Which one do you prefer?

Regards,
Sander

-----Original Message-----
From: Darren Reed [mailto:avalon@coombs.anu.edu.au]
Sent: Wednesday, June 20, 2007 14:29 PM
To: Zang, Lan (Sander)
Cc: darrenr@reed.wattle.id.au; ipfilter@coombs.anu.edu.au
Subject: Re: IPsec Tunnel problem seek confirm from author or anyone
knows

Does it work for you if you change your if() to be:

if (qif->qf_hl =3D=3D 0 && ill->ill_hdr_length !=3D 0)

?

Darren




------_=_NextPart_001_01C7C8FC.40210A83
Content-Type: application/octet-stream;
name="patch-pfil2.1.7"
Content-Transfer-Encoding: base64
Content-Description: patch-pfil2.1.7
Content-Disposition: attachment;
filename="patch-pfil2.1.7"

ZGlmZiAtTmF1ciBwZmlsL1N1bk9TL3FpZi5jIHBmaWwucGF0Y2 gvU3VuT1MvcWlmLmMNCi0tLSBw
ZmlsL1N1bk9TL3FpZi5jCTIwMDQtMTAtMjggMjE6MjE6MzIuMD AwMDAwMDAwICswODAwDQorKysg
cGZpbC5wYXRjaC9TdW5PUy9xaWYuYwkyMDA3LTA2LTE1IDE1Oj Q2OjI5Ljc1MDA5OTAwMCArMDgw
MA0KQEAgLTI5NCw2ICsyOTQsOCBAQA0KIAl9DQogDQogCXFpZi A9IHJxLT5xX3B0cjsNCisJaWYg
KHFpZi0+cWZfaGwgPT0gMCkNCisJew0KICNpZiBTT0xBUklTMi A8IDgNCiAJcWlmLT5xZl9obCA9
IGlsbC0+aWxsX2hkcl9sZW5ndGg7DQogI2Vsc2UNCkBAIC0zMD csNyArMzA5LDcgQEANCiAJCQlx
aWYtPnFmX25hbWUsIGlsbC0+aWxsX3R5cGUsIGlsbC0+aWxsX3 NhcCk7DQogCX0NCiAjZW5kaWYN
Ci0NCisJfQ0KIAkvKg0KIAkgKiBQcm90ZWN0IGFnYWluc3QgdG hlIHFpZl90IGJlaW5nIGJvdW5k
IGFnYWluc3QgYW4gaW50ZXJmYWNlLCB0d2ljZQ0KIAkgKiBieS BnZXR0aW5nIGEgbG9jayBvbiBz
ZXR0aW5nIHFmX2JvdW5kIGFuZCBkb24ndCByZWxlYXNlIGl0IH VudGlsDQo=

------_=_NextPart_001_01C7C8FC.40210A83--